You need to hear this.

$400,000 ransom paid to cybercriminals

In Jackson County, Georgia, local government slowed to a crawl when ransomware encrypted drives and demanded $400,000 in exchange for a file decryption key. Fortunately, 9-1-1 services were still running, but every other computer system in the county was affected. Because the county did not have a backup system, their only choice was to pay the ransom, as they probably didn't want to revert to the olden days of pen and paper.

According to Bleeping Computer:

“The FBI is currently investigating the attack and Poe said that the cybercriminals used a fairly new strain of ransomware called 'Ryunk' and operating by a group in Eastern Europe. The malware is likely Ryuk, associated with a group suspected to be based in Eastern Europe, which borrows code from another piece of ransomware known as Hermes and attributed to the North Korean hacker group Lazarus. However, Hermes was available for purchase to the online underground community so those behind Ryuk could have bought it and taken a few lines of code to make their own malware.”

Ryuk likely got access to Jackson County’s IT systems via phishing, as is often the case. Unfortunately, this isn't an isolated incident, as ransomware has hit many municipalities in recent years, including the City of Atlanta.

Debit card ditches PIN for fingerprint reader

When using an ATM in an unfamiliar location, I feel a bit like I did when taking tests in high school, shielding my secrets as I type in my PIN. But the 200 or so people in the U.K. testing out NatWest’s new debit card with a built-in fingerprint scanner no longer have to hide their precious digits. In fact, if all goes well with the trial run, we could all potentially abandon our secret lives when making ATM or debit card transactions.

According to The Verge:

“The fingerprint data is stored locally on the card, meaning there’s no security information for a hacker to be able to steal from a bank’s central database. It’s not foolproof — there’s always the risk a sufficiently determined thief could steal and imitate your fingerprint — but it’s much more secure than a PIN that someone could learn by simply looking over your shoulder as you enter it.”

The only caveat is that cardholders have to visit their bank to scan their fingerprint, making this a tad inconvenient ... I don't remember the last time I went to a physical bank!

But there's more going on in the world than that.

Hard drives repurposed into recording devices

You know the sound: the familiar whirring of a spinning hard drive. Well, what if I told you your hard drive could hear you, too? Researchers from the University of Michigan and Zhejiang University in China found that if a hard drive is properly aligned, it can pick up and record nearby audio.

According to Extreme Tech:

“Turning a hard drive into a listening device doesn’t have anything to do with its data storage capabilities. Instead, the team leveraged the sensors that help control the position of the read head above the platters. The head needs to be in precisely the right spot on the track to operate — even a few nanometers can be the difference between perfect functionality and a corrupted file. The drive’s internal sensors generate what’s called a Positional Error Signal (PES), and this is how the researchers extracted sounds from the hard drive.”

In one of the tests, the recording was clear enough for Shazam to identify the song. They were even able to pick up the voices of people standing nearby. Perhaps we will see this snazzy gadgetry in action in the next James Bond film. Or maybe your hard drive is listening to you right now ... who knows!

And you can't not know this.

An autonomous, connected robotic cat toy

Laser pointers are old news. Apparently, your cat deserves better than that. One company wants you to entertain your pet with Mousr, a connected, autonomous robotic cat toy designed to win over your feline friend. An IoT device for cats that costs $150, which you can operate from your phone, is ... necessary? Mousr even has the intelligence needed to tell when your cat has it and when it is done playing.

According to Geekologie:

“The robot includes a smartphone companion app to change the robot's playstyle or game mode directly, or if you want to drive the Mousr yourself. It can operate on most surfaces, has sensors to navigate through tight spaces, and comes with two different tails (a fabric 'bounce' tail and feather 'flick' tail) in case your cat prefers one to the other, or just to spice things up every once in a while.”

Good times. But unfortunately, more electronic devices in the world means that IT pros might encounter future help desk tickets about users' malfunctioning "mousrs" in addition to mouses.


Ok, so the hard drives as recording devices means that you can spy on your boss in his closed door meetings. I think a lot of people will be quite upset if this is something that becomes really well known.

Finger scan debit card could be good, but then you just need to chop off a finger to access everything.

Oh man, why was my mind so morbid today with all of this? I think I need more sunshine.

Not going to lie - That IoT cat toy would be really useful to entertain my cat during the work day. I'm a single pet parent household, and this gal has to go to work. (Sorry, my furry friend, Reginald).

Ok, so the hard drives as recording devices means that you can spy on your boss in his closed door meetings. I think a lot of people will be quite upset if this is something that becomes really well known.

My organization uses laptops primarily with SSD and M.2 drives so we should be safe. Everyone will have to switch out their old mechanical hard drives to be safe.


Even if I knew they actually would un-encrypt my data, I could never bring myself to pay a ransom like that.... what if they've backdoored something in the process? If you've got no backups anyway, you have no way to know that they're not still in there harvesting your data or getting ready to do it all again when you've made enough money to pay them again?....

I feel bad for the citizens who've had to pay for that ransom with their tax money....


Token based authentication for credit cards. A token sent to your phone or other device that expires in 30 seconds or after the transaction is complete. Wells Fargo has this for payment systems at work and the accounting people have a fob that is tied to their computer and it will generate a number every 30 seconds used for logging in. Banks/CC Companies need something similar and sooner than later.


No backups resulting in a $400k ransom payment suggests to me that everyone involved in decision making for that county should at least be fired and at worst be responsible for making up the loss out of their own pocket.

You could pay $150 for a robot cat toy, or you could get your cat an assortment of cardboard boxes. Think I'll stick with the cheaper options since in my experience it's not hard to keep a cat entertained for the small part of each day they aren't sleeping